Microsoft identifies critical code execution flaws in IoT and OT devices


Microsoft finds critical code execution bugs in IoT, OT devices

Microsoft security researchers have discovered over two dozen critical remote code execution (RCE) vulnerabilities in Internet of Things (IoT) devices and Operational Technology (OT) industrial systems.

These 25 security flaws are known collectively as BadAlloc and are caused by memory allocation Integer Overflow or Wraparound bugs.

Threat actors can exploit them to trigger system crashes and execute malicious code remotely on vulnerable IoT and OT systems.

Read more…